Chaining Bugs to Exploit Browser Plug-Ins
This video is a short demo of an attack that researcher Billy Rios developed to exploit a series of bugs in browser plug-ins. By chaining the vulnerabilities together, Rios is able to steal content from a victim’s machine. The slides containing the code for the attack are available on Rios’s blog...
Race condition
Race condition in the SPICE aka spice-activex plug-in for Internet Explorer in Red Hat Enterprise Virtualization RHEV Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in...
CVE-2010-2793
CVE-2010-2793 describes a race condition in the SPICE plug-in for Internet Explorer used by Red Hat Enterprise Virtualization Manager (RHEV) prior to 2.2.4. The flaw lets a local attacker potentially gain privileges by exploiting knowledge of a specific named pipe and using ImpersonateNamedPipeCl...
CVE-2010-2793
Race condition in the SPICE aka spice-activex plug-in for Internet Explorer in Red Hat Enterprise Virtualization RHEV Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in...
SuSE 11 Security Update : Xen (SAT Patch Number 2230)
Collective Xen/201004 Update, containing fixes for the following issues : - pygrub, reiserfs: Fix on-disk structure definition bnc537370 - Xen on SLES 11 does not boot - endless loop in ATA detection bnc561912 - xend leaks memory bnc564750 - Keyboard Caps Lock key works abnormal under SLES11 xen...
SuSE 11 Security Update : IBM Java 6 (SAT Patch Number 2548)
This update of IBM Java 6 to SR 8 fixes the following security issues : - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality via unknown vectors...
Arachni v0.2.1 - penetration testers Framework - latest release
"Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications." This is the official change log: Major performance improvements; Major system refactoring and code clean-up; Major module API...
Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities
Versions of Mac OS X 10.6 earlier than 10.6.5 are potentially affected by multiple vulnerabilities. Mac OS X 10.6.5 contains security fixes for the following products : - AFP Server - Apache modperl - Apache - AppKit - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services -...
Mac OS X Multiple Vulnerabilities (Security Update 2010-007)
The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-007 applied. This security update contains fixes for the following products : - AFP Server - Apache modperl - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdevcmds - Disk...
VideoLAN VLC Media Player 1.1.x - Calling Convention Remote Buffer Overflow
Source: https://www.securityfocus.com/bid/44909/info. VLC Media Player is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers...
Oracle Java SE Multiple Vulnerabilities (Windows)
This host is installed with Oracle Java JDK/JRE and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbsunjavasemultvulnoct10win.nasl 11742 2010-10-25 15:43:20Z oct$ Oracle Java SE Multiple Vulnerabilities Windows Authors: Antu Sanadi Copyright: Copyright c 2010 Greenbone...
Design/Logic Flaw
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
JDK unspecified vulnerability in New Java Plugin component
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
[SECURITY] Fedora 14 Update: bind-dyndb-ldap-0.1.0-0.14.b.fc14
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...
Adobe Shockwave Director tSAC Chunk Parsing Memory Corruption (CVE-2010-2866)
Adobe Shockwave is a multimedia player that allows Adobe Director applications to be published on the Internet and viewed in a web browser by anyone who has the Shockwave plug-in installed. A remote code execution vulnerability has been identified in Adobe Shockwave Player. The vulnerability is d...
libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
Heap-based buffer overflow in INMOD.DLL aka the Module Decoder Plug-in in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file...
SuSE9 Security Update : IBM Java (YOU Patch Number 12626)
This update brings IBM Java 1.4.2 to SR13 FP5, fixing various bugs and security issues : - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality via...
CVE-2010-2792
Race condition in the SPICE aka spice-xpi plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client aka qspice-client in qspice 0.3.0, and then accessing this...
Code injection
The SPICE aka spice-xpi plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file...
CVE-2010-2792
CVE-2010-2792 is a race-condition vulnerability in the SPICE Firefox plug-in (spice-xpi) and its qspice-client interaction. The plug-in and client communicate over a UNIX socket; a local attacker could abuse this to access authentication details and perform a man-in-the-middle attack on the SP...